Hidden Manipulation

Hidden manipulation is one of the most common hacking practices used against e-commerce websites today. The attack involves tampering with hidden form fields and changing the data stored in them.

How does it happen? Hidden manipulation is generally conducted against online stores. During a client session, developers use hidden fields to store information related to the client. These fields typically include the price and the discount rates. For instance, a website sells watches and the listed price of a watch is $500. The hidden field was added to the application to facilitate rapid development, and it stores the price of the watch. A developer working on the application may assume that the information in the hidden field will stay intact and unharmed. However, a hacker can alter the value using a common Netscape HTML Editor and change it from $500 to $20. Using the HTML editor, he can then submit the slightly altered HTML page and complete a transaction for the item. The bargain ends with the hacker setting a price of his own and purchasing the higher-valued item.

Most website owners and companies conducting online business are, thus, worried about such web application attacks. To protect themselves at the network level, they have employed several traditional security techniques, such as sound anti-virus software, a firewall or the latest intrusion detection software. In this case, even though the hidden fields are beyond the reach of ordinary users, a curious hacker with programming knowledge can unearth the fields and their data and exploit them. Hidden manipulation attacks can expose crucial business information of a website and cause the online store huge losses. As more such cases are detected, the website is likely to lose credibility with its clients.
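
The watch scenario above as an added example (not code from the original article): a handler that trusts the hidden price field, next to two server-side checks that do not. The catalogue, key, field names and function names are all assumptions made for this illustration.

```python
import hashlib
import hmac
from decimal import Decimal

# Constructed sample data: the server's own price record and a placeholder key.
CATALOG = {"watch-001": Decimal("500.00")}
SECRET_KEY = b"placeholder-key-load-from-server-config"

def total_trusting_hidden_field(form):
    """Pattern described in the text: the price is read back from the form."""
    return Decimal(form["price"]) * int(form["quantity"])

def total_from_catalog(form):
    """Hardened: ignore any submitted price and look it up by item id."""
    quantity = int(form["quantity"])
    if quantity < 1:
        raise ValueError("quantity must be at least 1")
    return CATALOG[form["item_id"]] * quantity  # unknown item -> KeyError

def sign_price(item_id, price):
    """HMAC over the values the server wrote into the page."""
    message = f"{item_id}|{price}".encode()
    return hmac.new(SECRET_KEY, message, hashlib.sha256).hexdigest()

def total_with_signed_field(form):
    """Alternative when the field must round-trip: reject altered values."""
    expected = sign_price(form["item_id"], form["price"])
    if not hmac.compare_digest(expected, form.get("price_sig", "")):
        raise ValueError("hidden price field was modified")
    return Decimal(form["price"]) * int(form["quantity"])

def price_mismatch(form):
    """Detection hook: True when the submitted price differs from the catalogue."""
    return Decimal(form["price"]) != CATALOG[form["item_id"]]

# Constructed submissions: one as served by the site, one with the price edited.
GENUINE = {"item_id": "watch-001", "price": "500.00", "quantity": "1",
           "price_sig": sign_price("watch-001", "500.00")}
TAMPERED = dict(GENUINE, price="20.00")

if __name__ == "__main__":
    print("trusting handler charges:", total_trusting_hidden_field(TAMPERED))
    print("catalogue lookup charges:", total_from_catalog(TAMPERED))
    print("mismatch worth logging:", price_mismatch(TAMPERED))
```

The catalogue lookup is the simpler fix because the price never depends on anything the browser sends; the signed field only makes sense when the value cannot be recomputed on the server.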
